1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Software
  5. FORTIOS V3.0 MR7
  6. User manual

Fortinet FORTIOS V3.0 MR7 User Manual

Ssl vpn user guide
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
U S E R G U I D E
FortiOS v3.0 MR7
SSL VPN User Guide
www.fortinet.com

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FORTIOS V3.0 MR7

Summary of Contents for Fortinet FORTIOS V3.0 MR7

  • Page 1 U S E R G U I D E FortiOS v3.0 MR7 SSL VPN User Guide www.fortinet.com...
  • Page 2 FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

  • Page 3: Table Of Contents

    Topology... 18 Configuration overview... 20 Configuring the SSL VPN client ... 20 SSL VPN Virtual Desktop application..21 FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Typographic conventions... 9 Legacy versus web-enabled applications ... 14 Authentication differences ... 14 Connectivity considerations ...
  • Page 4 Web portal home page features ... 66 Launching web portal applications ... 68 URL re-writing... 68 Adding a bookmark to the My Bookmarks list ... 69 Starting a session from the Tools area ... 80 Contents FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 5 Contents Tunnel-mode features ... 80 Working with the ActiveX/Java Platform plug-in ... 81 Uninstalling the ActiveX/Java Platform plugin ... 83 Logging out ... 83 Index... 85 FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 6 Contents FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 7: Introduction

    Introduction Introduction This section introduces you to FortiGate™ Secure Sockets Layer (SSL) VPN technology and provides supplementary information about Fortinet™ publications. The following topics are included in this section: • About FortiGate SSL VPN • About this document • FortiGate documentation •...

  • Page 8: About This Document

    Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment. Introduction “Configuring a FortiGate describes the two modes of operation, FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 9: Typographic Conventions

    Document names File content Menu commands Program output Variables FortiGate documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following • FortiGate QuickStart Guide Provides basic information about connecting and installing a FortiGate unit.

  • Page 10: Related Documentation

    • FortiGate VLANs and VDOMs User Guide Describes how to configure VLANs and VDOMS in both NAT/Route and Transparent mode. Includes detailed examples. Additional information about Fortinet products is available from the following related documentation. • FortiManager QuickStart Guide Explains how to install the FortiManager Console, set up the FortiManager Server, and configure basic settings.

  • Page 11: Forticlient Documentation

    Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.

  • Page 12: Comments On Fortinet Technical Documentation

    Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.

  • Page 13: Configuring A Fortigate Ssl Vpn

    SSL and IPSec VPN tunnels may operate simultaneously on the same FortiGate unit. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Comparison of SSL and IPSec VPN technology...

  • Page 14: Legacy Versus Web-Enabled Applications

    SSL supports sign-on to a web portal front-end, from which a number of different enterprise applications may be accessed. The Fortinet implementation enables you to assign a specific port for the web portal and to customize the login page if desired.

  • Page 15: Session Failover Support

    The feature comprises an SSL daemon running on the FortiGate unit, and a web portal, which provides users with access to network services and resources including HTTP/HTTPS, telnet, FTP, SMB/CIFS, VNC, RDP and SSH. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 SSL VPN modes of operation “Web-only mode”...

  • Page 16: Web-Only Mode Client Requirements

    SSL VPN tunnel mode can also be initiated from a standalone application on Windows/MacOS, and Unix. Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 17: Tunnel-Mode Client Requirements

    IP address range or network that remote clients will be able to access behind the FortiGate unit. For example, networks, Subnet_1 and Subnet_2. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Figure 1 shows a FortiGate gateway (FortiGate_1) to two private...

  • Page 18: Infrastructure Requirements

    If the remote clients need tunnel-mode access, see requirements” on page Configuring a FortiGate SSL VPN Remote client Internet wan1 FortiGate_1 internal 192.168.22.1 Subnet_2 192.168.22.0/24 “Configuring firewall “Web-only mode client “Tunnel-mode client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 19: Configuration Overview

    SSL VPN Virtual Desktop should be used. (Windows XP only). FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 “Configuring SSL VPN settings” on page FortiGate Certificate Management User “Configuring user accounts and SSL VPN user...

  • Page 20: Ssl Vpn Virtual Desktop Application

    To download and run the SSL VPN Virtual Desktop application Go to the Fortinet Technologies home page at select Support. Under Support, enter your user name and password. This takes you to the Fortinet customer support site. Select Firmware Images and then FortiGate. Configuring a FortiGate SSL VPN http://support.fortinet.com/ FortiOS v3.0 MR7 SSL VPN User Guide...
  • Page 21 Configuring a FortiGate SSL VPN The FortiGate index page opens. Select v3.0 and then MR7. This takes you to the page with firmware images for MR7. Select SSL VPN Clients. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring the SSL VPN client...
  • Page 22 Figure 2: FortiClient SSL VPN InstallShield Wizard welcome screen To run the SSL VPN Virtual Desktop application, select Start > All Programs > FortiNet > SSL VPN Virtual Desktop > SSL VPN Virtual Desktop. The FortiGate unit may offer you a self-signed security certificate. If you are prompted to proceed, select Yes.

  • Page 23: Using The Ssl Vpn Standalone Tunnel Clients

    There are separate download files for each operating system. The most recent version of the SSL VPN standalone client applications can be found at: http://support.fortinet.com/ FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Tunnel-mode client requirements for the specific Configuring the SSL VPN client...
  • Page 24 Under Support, enter your user name and password. This takes you to the Fortinet customer support site. Select Firmware Images and then FortiGate. Figure 3: Firmware Images selection on Fortinet customer support site The FortiGate index page opens. Figure 4: FortiGate index page Select v3.0 and then MR7.
  • Page 25 This takes you to the page with firmware images for MR7. Select SSL VPN Clients. To download the SSL VPN Windows client application, select FortiClientSSLVPNSetup_3.0.384.exe or FortiClientSSLVPN_3.0_384.msi and follow the InstallShield Wizard instructions. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring the SSL VPN client...
  • Page 26 Configuring the SSL VPN client To use the SSL VPN standalone tunnel client (Windows) Go to Start > All Programs > Fortinet > FortiClient SSL VPN > FortiClient SSL VPN. Server Address Enter the IP address of the server you need to access.
  • Page 27 Go to the Fortinet Technologies home page at select Support. Under Support, enter your user name and password. This takes you to the Fortinet customer support site. Select Firmware Images and then FortiGate. The FortiGate index page opens. Select v3.0 and then MR7.
  • Page 28 Type your password and select Enter. The License Agreement dialog appears in the command line terminal window. Accept the License Agreement, and select Enter. Configuring a FortiGate SSL VPN you will have to set up system FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 29 The FortiClient SSL VPN tunnel client (Linux) opens. After this initial setup is complete, a user with a normal (non-administrator) account can establish a SSL VPN tunnel session. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring the SSL VPN client...
  • Page 30 Select to save the value in User and Password for future logins. and password Keep connection Select to have the connection stay up until you log out. alive until manually stopped Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 31 Go to the Fortinet Technologies home page at select Support. Under Support, enter your user name and password. This takes you to the Fortinet customer support site. Select Firmware Images and then FortiGate. The FortiGate index page opens. FortiOS v3.0 MR7 SSL VPN User Guide...
  • Page 32 The application installs the program ‘forticlientsslvpn’ in the Applications folder Unmount the disk image by selecting the disk image file ‘forticlientsslvpn_macos_3.0.nnn.dmg’ and dragging it into the Trash (nnn refers to the build number). Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 33 In the Applications folder, select ‘forticlientsslvpn’ and drag it into the Trash. After you empty the Trash folder, the installed program is removed from the user computer. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring the SSL VPN client...

  • Page 34: Configuring Ssl Vpn Settings

    VPN > SSL > Config and select Enable SSL-VPN. The FortiGate unit does not accept web-only mode or tunnel-mode connections while SSL VPN operation is disabled. Configuring a FortiGate SSL VPN Guide. FortiGate Administration Guide FortiGate “Customizing the web portal login page” FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 35 Require Client Certificate Encryption Key Algorithm Specifying the cipher suite for SSL FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Select to enable SSL VPN connections. Specify the range of IP addresses reserved for tunnel- mode SSL VPN clients. Type the starting and ending address that defines the range of reserved IP addresses.

  • Page 36: Specifying A Port Number For Web Portal Connections

    (for example, 10.254.254.0/24). Configuring a FortiGate SSL VPN Setting the idle timeout Adding a page. Adding WINS and DNS services for clients. “Specifying an IP address range Guide. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 37: Enabling Strong Authentication Through Security Certificates

    Go to VPN > SSL > Config. In the Idle Timeout field, type an integer value. The valid range is from 10 to 28800 seconds. Select Apply. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring SSL VPN settings FortiGate Certificate Management User...

  • Page 38: Setting The Client Authentication Timeout Setting

    To display a custom popup window for a user group Go to User > User Group. Configuring a FortiGate SSL VPN 42). A FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 39: Customizing The Web Portal Login Page

    FortiGate user group definitions, which can optionally use established authentication mechanisms such as RADIUS and LDAP to authenticate remote clients. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 (see “Changing the authentication login page” in the “System Config”...
  • Page 40 Select RADIUS to authenticate this user using a password stored on a RADIUS server. Select the RADIUS server from the drop-down list. Select OK. Repeat this procedure for each remote user. Configuring a FortiGate SSL VPN FortiGate Administration Guide. FortiGate Certificate User_1) FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 41 Note: If a user has been configured to use tunnel-mode only, when they log in, the tunnel is brought up automatically. The split tunneling feature is not activated by default, it must be selected. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring user accounts and SSL VPN user groups...
  • Page 42 Table 1 lists the products supported for clients who have Windows XP SP2. All other systems must have Norton (Symantec) AntiVirus or McAfee VirusScan software installed and enabled. Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 43: Configuring Firewall Policies

    IP address of the intended recipient or network. In general, configuring a firewall policy involves: • specifying the IP source and destination addresses FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Product Configuring firewall policies Firewall VPN >...

  • Page 44: Configuring Firewall Addresses

    IP packets may be delivered (for example, Subnet_1). From the Type list, select Subnet/IP Range. In the Subnet/IP Range field, type the corresponding IP address and subnet mask (for example, 172.16.10.0/24). Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 45 Create additional IP destination addresses and firewall policies if required for each additional user group. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Interface/Zone Select the FortiGate interface that accepts connections from remote users.

  • Page 46: Configuring Tunnel-Mode Firewall Policies

    Go to Firewall > Address and select Create New. In the Address Name field, type a name that represents the IP address that is permitted to set up SSL VPN connection. Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 47 Source Destination Service Action SSL Client Certificate Restrictive FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Interface/Zone Select the FortiGate interface that accepts connections from remote users (for example, external). Address Name Select the name that corresponds to the IP address of the remote user.

  • Page 48: Configuring Ssl Vpn Event-Logging

    FortiGate CLI If the options are concealed, select the blue arrow beside each option to reveal and configure associated settings. Configuring a FortiGate SSL VPN 46) and FortiGate Log Message Reference. Reference. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 49: Monitoring Active Ssl Vpn Sessions

    Begin Time Description When a tunnel-mode user is connected, the Description field displays the IP address that the FortiGate unit assigned to the remote host (see FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Guide. The identifier of the connection.

  • Page 50: Configuring Ssl Vpn Bookmarks And Bookmark Groups

    • Configuring SSL VPN settings • Monitoring active SSL VPN sessions • Configuring SSL VPN bookmarks and bookmark groups • Configuring SSL VPN bookmarks Configuring a FortiGate SSL VPN Delete Delete Edit FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 51: Configuring Ssl Vpn Bookmarks

    Monitoring active SSL VPN sessions • Configuring SSL VPN bookmarks and bookmark groups • Viewing the SSL VPN bookmark list FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring SSL VPN bookmarks and bookmark groups Bookmarks list. service from the drop-down list: •...

  • Page 52: Viewing The Ssl Vpn Bookmark Groups List

    Configuring SSL VPN bookmark groups Go to VPN > SSL > Bookmark Group and select Create New to create a group of selected bookmarks. Figure 11: Create New Bookmark Group Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 53: Assigning Ssl Vpn Bookmark Groups To Ssl Vpn Users

    SSL VPN users in the selected SSL VPN user group. Figure 12: Assigning a bookmark group to a user FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Configuring SSL VPN bookmarks and bookmark groups Type the name of the bookmark group.

  • Page 54: Ssl Vpn Host Os Patch Check

    10.1.1.1 set sslvpn-tunnel-endip 10.1.1.10 set sslvpn-webapp enable set sslvpn-os-check enable config sslvpn-os-check-list "windows-2000" set action check-up-to-date set latest-patch-level 3 Configuring a FortiGate SSL VPN ) and above permission to access SSL FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 55: Granting Unique Access Permissions For Ssl Vpn Tunnel User Groups

    (with the user as a member) is assigned a dedicated IP range (with no overlap) and therefore can have different access permissions. Figure 13: SSL VPN configuration for unique access permissions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Granting unique access permissions for SSL VPN tunnel user groups set tolerance 1 config sslvpn-os-check-list "windows-xp"...

  • Page 56: Sample Configuration For Unique Access Permissions With Tunnel Mode User Groups

    After you create the users, you must create the SSL VPN user groups. In order to configure each user with different access permissions, you must create separate user groups and designate specific IP ranges for each group. Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 57: Granting Unique Access Permissions For Ssl Vpn Tunnel User Groups

    Go to Firewall > Address to create the source and destination addresses to specify in the firewall policies. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Granting unique access permissions for SSL VPN tunnel user groups...
  • Page 58 The policy for user1 is an SSL-VPN firewall policy that includes the applicable source and destination addresses, and has group1 as the user group attached to the policy. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 59 Figure 20: user2 firewall policy To view the SSL VPN policies, go to Firewall > Policy. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Granting unique access permissions for SSL VPN tunnel user groups...

  • Page 60: Ssl Vpn Virtual Interface (Ssl.root)

    If you are configuring Internet access through an SSL VPN tunnel, the following configuration must be added: • ssl.root > External, with the action set to Accept, with NAT enabled Configuring a FortiGate SSL VPN Configuring FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 61 Destination address Action NAT enabled Protection profile To allow SSL-tunnel users to access a policy-based VPN peer network: Peer network policy Source Source address FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 wan1 internal internal subnet sslvpn ssl user group(s) ssl.root...

  • Page 62: Ssl Vpn Dropping Connections

    Use following commands in CLI to resolve the issue: config vpn ssl settings set route-source-interface enable Note: This CLI command is only available in FortiOS 3.00 MR4 and higher. Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 63 Configuring a FortiGate SSL VPN SSL VPN dropping connections FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 64: Ssl Vpn Dropping Connections

    SSL VPN dropping connections Configuring a FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 65: Working With The Web Portal

    This message is displayed because the FortiGate unit is attempting to redirect your web browser connection. You can ignore the message. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Connecting to the FortiGate unit...

  • Page 66: Web Portal Home Page Features

    The FortiGate unit will redirect your web browser to the FortiGate SSL VPN Remote Access Web Portal home page automatically. The FortiGate SSL VPN Remote Access Web Portal home page is displayed after you log in. Working with the web portal FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 67 My Bookmarks If your user account permits tunnel-mode connections, you can install/uninstall Fortinet SSL VPN client software and/or initiate an SSL VPN tunnel with the FortiGate unit. Selecting the Activate SSL-VPN Tunnel Mode link at the top of the home page displays the Fortinet SSL VPN Client area.

  • Page 68: Launching Web Portal Applications

    For example, in the case of the URL http://test.org/index.html, the FortiGate unit would translate to the following: https://<sslvpn_host:port>/proxy/http/Z<encrypted hex value>/index.html Working with the web portal “Starting a session from the Tools area”. “Adding a bookmark area”). FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 69: Adding A Bookmark To The My Bookmarks List

    Details Delete and Edit icons Delete or edit an entry in the list. Figure 24: New Bookmark dialog box FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Create a hyperlink. The names of links to remote server applications and network services.
  • Page 70 In the URL field, type the URL of the web server (for example, http://www.mywebexample.com or https://172.20.120.101). Select OK. To connect to the web server, select the hyperlink that you created. Working with the web portal FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 71 A telnet session starts and you are prompted to log in to the remote host. You must have a user account to log in. After you log in, you may enter any series of valid telnet commands at the system prompt. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Launching web portal applications...
  • Page 72 When you are prompted to log in to the remote host, type your user name and password. You must have a user account on the remote host to log in. Select Login. Working with the web portal FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 73 From the Application Type list, select SMB/CIFS. In the Shared File Folder field, type the IP address of the SMB host and the root directory associated with your account (for example, //10.10.10.10/share/). FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Launching web portal applications...
  • Page 74 When the current directory is a subdirectory, you can select Up to switch to the parent directory. To end the SMB/CIFS session, select Logout. Working with the web portal New Directory Logout Delete Rename FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 75 When you are prompted to log in to the remote host, type your user name and password. You must have a user account on the remote host to log in. Select OK. To end the VNC session, select Disconnect. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Launching web portal applications...
  • Page 76 In the Title field, type a name to represent the connection. From the Application Type list, select RDP. In the Shared File Folder field, type the IP address of the RDP host (for example, 10.10.10.10). Select OK. Working with the web portal FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 77 When you are prompted to log in to the remote host, type your user name and password. You must have a user account on the remote host to log in. Select Login. To end the RDP session, select Logout. FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Launching web portal applications...
  • Page 78 A second message may be displayed to inform you of a host name mismatch. This message is displayed because the FortiGate unit is attempting to redirect your web browser connection. Select Yes to proceed. Select Connect. Working with the web portal FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 79 • Logging out • Adding a bookmark to the My Bookmarks list • URL re-writing • Working with the ActiveX/Java Platform plug-in • Uninstalling the ActiveX/Java Platform plugin FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Launching web portal applications...

  • Page 80: Starting A Session From The Tools Area

    The FortiGate SSL VPN Remote Access Web Portal page is displayed after you log in. Selecting the Activate SSL-VPN Tunnel Mode link at the top of the home page displays the Fortinet SSL VPN Client area. If your user account permits tunnel-mode connections, you can install/uninstall SSL VPN client software and/or initiate an SSL VPN tunnel with the FortiGate unit.

  • Page 81: Working With The Activex/Java Platform Plug-In

    VPN tunnel with the FortiGate unit. Controls for downloading and installing the ActiveX/Java Platform plug-ins are displayed in the Fortinet SSL VPN Client area of the web portal. You only have to install the ActiveX/Java Platform plug-ins once. Afterward, you can use the SSL VPN client software to initiate a VPN tunnel with the FortiGate unit whenever you access the web portal.
  • Page 82 At the top of the web portal home page, select the Activate SSL-VPN Tunnel Mode link. The FortiGate unit may prompt you to install a Fortinet SSL VPN Client plugin. Follow the instructions provided to install ActiveX or Java Platform.

  • Page 83: Uninstalling The Activex/Java Platform Plugin

    Select Connect. Figure 26: Tunnel established After the “Fortinet SSL VPN client connected to server” message is displayed and the Disconnect button is enabled (see Figure 26), you have direct access to the network behind the FortiGate unit, subject to the conditions of the FortiGate firewall policy.
  • Page 84 Logging out Working with the web portal FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...

  • Page 85: Index

    36 connections defining bookmarks to 69 enabling SSL VPN 36 connectivity, testing for 24, 80 customer service 12 deployment topology 19 FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 documentation commenting on 12 Fortinet 9 downloading Linux client 28...
  • Page 86 65 URL obfuscation 68 URL re-writing 68 user accounts, creating 42 user groups configuring SSL VPN tunnel-mode 57 creating unique access permissions 57 user groups, creating 42 FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 Index...
  • Page 87 40 applications 68 customizing login page 41 Fortinet SSL VPN Client area 80, 82 home page features 66 FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 redirecting to popup window 40 setting login page port number 38 Tools area 68...
  • Page 88 Index FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718...
  • Page 89 www.fortinet.com...
  • Page 90 www.fortinet.com...

Table of Contents